Moving charon to libcharon.
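/*
 * Copyright (C) 2006-2009 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup eap_authenticator eap_authenticator
 * @{ @ingroup authenticators
 */

#ifndef EAP_AUTHENTICATOR_H_
#define EAP_AUTHENTICATOR_H_

typedef struct eap_authenticator_t eap_authenticator_t;

#include <sa/authenticators/authenticator.h>

/**
 * Implementation of authenticator_t using EAP authentication.
 *
 * Authentication using EAP involves the most complex authenticator. It stays
 * alive over multiple ike_auth transactions and handles multiple EAP
 * messages.
 *
 * @verbatim
                          ike_sa_init
                   ------------------------->
                   <-------------------------
                 followed by multiple ike_auth:

     +--------+                                +--------+
     |  EAP   |       IDi, [IDr,] SA, TS       |  EAP   |
     | client |  --------------------------->  | server |
     |        |          ID, AUTH, EAP         |        |
     |        |  <---------------------------  |        |
     |        |              EAP               |        |
     |        |  --------------------------->  |        |
     |        |              EAP               |        |
     |        |  <---------------------------  |        |
     |        |              EAP               |        |
     |        |  --------------------------->  |        |
     |        |          EAP(SUCCESS)          |        |
     |        |  <---------------------------  |        |
     |        |              AUTH              |        |  If EAP establishes
     |        |  --------------------------->  |        |  a session key, AUTH
     |        |          AUTH, SA, TS          |        |  payloads use this
     |        |  <---------------------------  |        |  key, not SK_pi/pr
     +--------+                                +--------+

   @endverbatim
 *
 * Security notes for reviewers:
 *  - The server's first ike_auth response already carries an AUTH payload
 *    (see the diagram), so the client is in a position to verify the server
 *    before it answers any EAP request.
 *  - The closing AUTH payloads tie the EAP exchange to this IKE_SA only when
 *    the EAP method yields a session key. For a method without one the AUTH
 *    payloads are keyed with SK_pi/SK_pr instead; RFC 4306 section 2.16
 *    states that such methods SHOULD NOT be used because they are exposed to
 *    man-in-the-middle attacks.
 *  - NOTE(review): whether key-less EAP methods are refused or merely
 *    tolerated is decided in the implementation and is not visible in this
 *    header; confirm before enabling such a method.
 */
struct eap_authenticator_t {

	/**
	 * Implemented authenticator_t interface.
	 *
	 * This is the only member declared here, so callers drive the EAP
	 * exchange exclusively through the generic authenticator_t interface.
	 */
	authenticator_t authenticator;
};

/**
 * Create an authenticator to authenticate against an EAP server.
 *
 * This is the client-side ("builder") counterpart of
 * eap_authenticator_create_verifier().
 *
 * NOTE(review): the chunk_t arguments are passed by value and this header
 * does not say whether the data they refer to is cloned. Until the
 * implementation is checked, assume the nonce and message buffers must stay
 * valid and unmodified for as long as the authenticator is in use.
 *
 * @param ike_sa			associated ike_sa
 * @param received_nonce	nonce received in IKE_SA_INIT
 * @param sent_nonce		nonce sent in IKE_SA_INIT
 * @param received_init		received IKE_SA_INIT message data
 * @param sent_init			sent IKE_SA_INIT message data
 * @return					EAP authenticator
 */
eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init);

/**
 * Create an authenticator to authenticate EAP clients.
 *
 * This is the server-side ("verifier") counterpart of
 * eap_authenticator_create_builder().
 *
 * NOTE(review): the chunk_t arguments are passed by value and this header
 * does not say whether the data they refer to is cloned. Until the
 * implementation is checked, assume the nonce and message buffers must stay
 * valid and unmodified for as long as the authenticator is in use.
 *
 * @param ike_sa			associated ike_sa
 * @param received_nonce	nonce received in IKE_SA_INIT
 * @param sent_nonce		nonce sent in IKE_SA_INIT
 * @param received_init		received IKE_SA_INIT message data
 * @param sent_init			sent IKE_SA_INIT message data
 * @return					EAP authenticator
 */
eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
									chunk_t received_nonce, chunk_t sent_nonce,
									chunk_t received_init, chunk_t sent_init);

#endif /** EAP_AUTHENTICATOR_H_ @}*/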